Cisco IOS: Disable Telnet access… or enable SSH

Telnet access is enabled by default on some IOS releases. See this article for why this is bad.

If you don’t need Telnet access, you should disable it. The commands are as follows:

  1. line vty 0 4
  2. transport input none

If you do need remote terminal access, you should switch Telnet to SSH where possible. Be sure to set a secure password.

  1. ip domain-name your.domain.com
  2. crypto key generate rsa
  3. username yourusername secret supersecretpassword
  4. line vty 0 4
  5. transport input ssh
  6. login local

The crypto key generate rsa command will ask you “How many bits in the modulus”. It is recommended to use at least 2048.

Leave a Reply

Your email address will not be published. Required fields are marked *